<?php
/*
 * Copyright 2009 Eat Local Food, LLC
 * Copyright (c) 2007 osCommerce (this file was written after
 * code review of osCommerce).
 *
 * This file is part of gwtCommerce.
 *
 * gwtCommerce is free software: you can redistribute it and/or modify
 * it under the terms of the GNU General Public License as published by
 * the Free Software Foundation, either version 2 of the License, or
 * (at your option) any later version.
 *
 * gwtCommerce is distributed in the hope that it will be useful,
 * but WITHOUT ANY WARRANTY; without even the implied warranty of
 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
 * GNU General Public License for more details.
 *
 * You should have received a copy of the GNU General Public License
 * along with gwtCommerce.  If not, see <http://www.gnu.org/licenses/>.
 */

defined('IN_COMPONENT_CONTROLLER') or die();

require_once('includes/functions/functions.php');

function genCaptchaCode($len)
{
	$charset = 'ABCDEFGHKLMNPRSTUVWYZ23456789';
	$code = '';
	for($i = 1, $cslen = strlen($charset); $i <= $len; ++$i) {
		$code .= strtolower( $charset{rand(0, $cslen - 1)} );
	}
	return $code;
}

function validateCaptchaCode(&$params)
{
	$captchaCode = prepare_input($params['captcha_code']);
	$captchaSession = prepare_input($params['captcha_session']);
	if ($captchaCode == null || strlen($captchaCode) == 0) return -1;
	if ($captchaSession == null || strlen($captchaSession) == 0) return -2;

	$captchaCode = strtolower($captchaCode);

	$sqlQuery = 'SELECT value from ' . TABLE_SESSIONS .
		' where sesskey=\'' . mysql_real_escape_string($captchaSession) . '\'';
	$dataReturned = mysql_query($sqlQuery) or die(mysql_error());
	$i = 0;
	while($row = mysql_fetch_array($dataReturned))
	{
		$captchaOriginalCode = $row['value'];
		$i++;
	}
	if ($i == 0) return -3;
		
	if ($captchaCode != $captchaOriginalCode) return -4;
			
	$sql = 'DELETE FROM ' . TABLE_SESSIONS .
		' where sesskey=\'' . mysql_real_escape_string($captchaSession) . '\'';
	mysql_query($sql) or die(mysql_error());

	return 0;
}

class CaptchaComponent
{
	function CaptchaComponent()
	{
		if (!$this->SESS_LIFE = get_cfg_var('session.gc_maxlifetime')) $this->SESS_LIFE = 1440;
		$this->captcha_length = 5;
	}

	function action(&$params, $action='query')
	{
		if ($action == 'CaptchaSetup') 
			return $this->captchaSetup($params);
		else if ($action == 'CaptchaImage') 
			return $this->captchaImage($params);
	}

	function query(&$params)
	{
	}

	function captchaSetup(&$params)
	{
		$handle = get_class($this);
		$expiry = time() + $this->SESS_LIFE;

		$captchaSession = random_generator(32);
		$captchaCode = genCaptchaCode($this->captcha_length);
		$sql = 'insert into ' . TABLE_SESSIONS . ' (sesskey, expiry, value) values (\'' . $captchaSession . '\',' . $expiry . ',\'' . $captchaCode . '\')';
		mysql_query($sql) or die(mysql_error());

		$value{$handle}{0}{'captcha_session'}= $captchaSession;
		return $value;
	}

	function captchaImage(&$params)
	{
		$captchaSession = prepare_input($params['captcha_session']);
		$sqlQuery = 'SELECT value from ' . TABLE_SESSIONS .
		' where sesskey=\'' . mysql_real_escape_string($captchaSession) . '\'';

		$dataReturned = mysql_query($sqlQuery) or die(mysql_error());
		$i = 0;
		while($row = mysql_fetch_array($dataReturned))
		{
			$captchaCode = $row['value'];
			$i++;
		}

		if ($i > 0)
		{
			include_once('securimage/securimage.php');
			$image = new Securimage();
			$captchaCode = strtoupper($captchaCode);
			$image->code = $captchaCode;
			$image->show();
		}
	}
}
?>
